02-Sep-2020 00:48
Hi,
Do I need to have an Azure MFA RADIUS Server on-prem to implement MFA with my APM? Can't I use the default Azure MFA service that comes with my Azure AD? On Azure AD, I could just tick boxes to choose my users who should use MFA and for what Applications. Can I do this for F5 too?
07-Sep-2020 04:05
RADIUS is a standard protocol to accept authentication requests and to process those requests. The Azure Multi-Factor Authentication Server can act as a RADIUS server. Insert it between your RADIUS client (VPN appliance) and your authentication target to add two-step verification. Your authentication target could be Active Directory, an LDAP directory, or another RADIUS server. For Azure Multi-Factor Authentication (MFA) to function, you must configure the Azure MFA Server so that it can communicate with both the client servers and the authentication target. The Azure MFA Server accepts requests from a RADIUS client, validates credentials against the authentication target, adds Azure Multi-Factor Authentication, and sends a response back to the RADIUS client. The authentication request only succeeds if both the primary authentication and the Azure Multi-Factor Authentication succeed. I would recommend referring to Managed Azure Services to get more details about the Azure services.
Best regards
01-Oct-2020 04:45
Thank you Pistle
04-Oct-2020 05:34
While RADIUS is an option, it is also possible to do this more natively:
https://devcentral.f5.com/s/articles/Azure-Active-Directory-and-BIG-IP-APM-Integration
The world is moving more and more to SAML for authentication. It sure is possible to set up a RADIUS server in Azure, but why not give the native authentication method a try?
09-Nov-2020 03:14
Hi Boneyard, I eventually used SAML and it worked for the authentication. However, there was a new hurdle: portal access for Azure user groups using SAML attributes. I am not sure how to go about this. Could you help, please?
27-Feb-2021 00:42
It has been a while, but I got this worked out some time ago.
Within the Azure Enterprise Application you have the option to return SAML attributes. Azure calls them claims. There you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.
19-Sep-2021 06:12
I am facing the same issue. How did you manage to solve this?
07-Nov-2021 07:15
Like I wrote before:
Within the Azure Enterprise Application you have the option to return SAML attributes. Azure calls them claims. There you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.
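
The group-claim filtering described in the replies above, sketched in Python as an added example; it is not part of any post in this thread and is not F5 or Microsoft code. It reads the groups claim from an assertion that is assumed to be already signature-validated, maps Azure AD group object IDs to portal resources, and fails closed when Azure sends the group overage claim instead of the group list. The group IDs, portal names and `PORTAL_MAP` are hypothetical, and the sample assertions are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE = "http://schemas.microsoft.com/claims/groups.link"

# Hypothetical mapping: Azure AD group object ID -> portal resource to assign.
PORTAL_MAP = {
    "11111111-1111-1111-1111-111111111111": "hr-portal",
    "22222222-2222-2222-2222-222222222222": "it-admin-portal",
}

def make_assertion(name, values):
    """Build a constructed, unsigned assertion fragment for this demo only."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'
            "</saml:AttributeStatement></saml:Assertion>")

def claims(assertion_xml):
    """Return {claim name: [values]} from the AttributeStatement.
    Assumes the service provider has already verified the signature."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(vals)
    return out

def portals_for(assertion_xml):
    """Map the user's group claim values to portal resources."""
    c = claims(assertion_xml)
    # For users in very many groups Azure AD omits the groups claim and sends
    # a link claim instead; treat that as "unknown", never as "no groups".
    if OVERAGE in c and GROUPS not in c:
        raise LookupError("group overage: groups not present in assertion")
    # Azure AD typically emits group object IDs (GUIDs), not display names.
    member_of = {g.strip().lower() for g in c.get(GROUPS, [])}
    return sorted(p for gid, p in PORTAL_MAP.items() if gid in member_of)

if __name__ == "__main__":
    demo = make_assertion(GROUPS, ["11111111-1111-1111-1111-111111111111",
                                   "99999999-9999-9999-9999-999999999999"])
    print(portals_for(demo))
```

Matching on object IDs rather than display names keeps the mapping stable if a group is renamed in Azure AD.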